smartcloud-authorization

SmartCloud authorization client library for Node.js

Usage: no npm install needed!

<script type="module">
  import smartcloudAuthorization from 'https://cdn.skypack.dev/smartcloud-authorization';
</script>

README

smartcloud-authorization

Client library that extends the standard firebase and firebase-admin libraries to simplify working with custom authorization within SmartCloud.

Prerequisites

The firebase project used with this library should be on the Blaze plan, which supports creating multiple Realtime Database instances. Prepare a secondary database beforehand, named with -auth appended to the default project ID. This database is dedicated to holding authorization data.

https://firebase.google.com/docs/database/usage/sharding#create_multiple_instances

Initializing the library

Initialize this library by supplying an initialized firebase app instance to the Authorization class constructor. The app can be a firebase client instance or one from the admin SDK.

const firebase = require('firebase'); // or use firebase-admin
const app = firebase.initializeApp({
  // project config
});

const { Authorization } = require('smartcloud-authorization');
const authorization = new Authorization(app);

When using a standard firebase app instance, you are required to authenticate as normal with user credentials.

https://firebase.google.com/docs/auth/

Usage

After authenticating, the available methods with this library include:

// in client mode, you can use the following two methods to
// read any arbitrary path in the auth database (including paths
// that target other users' IDs) as long as the security rules
// of the database permit that read request

getRef(path)
getValue(path)

// in client mode, omit the userId parameter from every method call;
// the following methods can only be used to query your own permissions

getPermissionValue(subpath, userId)
hasApiPermission(role, userId)
hasAppPermission(org, groupRef, userId)
hasServicePackPermission(org, groupRef, user)
hasMobilePermission(org, groupRef, user)
hasAnyPermission(groupRef, user)
canReadApiGroup(organizationId, groupRef, user)
canWriteApiGroup(organizationId, groupRef, user)
canReadApiOrganization(organizationId, user)
canWriteApiOrganization(organizationId, user)
getApiGroups(organizationId, userId)
getApiOrganizations(user)

// methods that are only available in admin mode

grantApiGroupRead(organizationId, type, groupRef, userId)
grantApiGroupWrite(organizationId, type, groupRef, userId)
grantApiOrganizationRead(organizationId, userId)
grantApiOrganizationWrite(organizationId, userId)
revokeApiGroup(organizationId, type, groupRef, userId)
revokeApiOrganization(organizationId, userId)
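The admin SDK is not subject to Realtime Database security rules, so a server that exposes the admin-mode grant methods has to enforce its own check on who is asking. The following is an added example, not code from this library: delegatedGrantGroupRead and isKeySegment are hypothetical helpers, the policy (only a caller with organization write permission may grant group read) is an assumption, and the permission methods are assumed to return or resolve to a boolean.

```javascript
// Added example; `delegatedGrantGroupRead` and `isKeySegment` are hypothetical helpers.
// Characters Firebase Realtime Database forbids in a key: . $ # [ ] / and ASCII control chars.
const FORBIDDEN_IN_KEY = /[.$#\[\]\/\x00-\x1f\x7f]/;

function isKeySegment(value) {
  return typeof value === 'string' && value.length > 0 && !FORBIDDEN_IN_KEY.test(value);
}

// `authorization` is an Authorization instance built on a firebase-admin app.
// `callerId` must come from a verified ID token, never from the request body.
async function delegatedGrantGroupRead(authorization, callerId, request) {
  const { organizationId, type, groupRef, userId } = request || {};

  // Assumption: these IDs are used as single key segments in the auth database.
  if (![callerId, organizationId, userId].every(isKeySegment)) {
    return { granted: false, reason: 'invalid-id' };
  }
  if (typeof type !== 'string' || !type || typeof groupRef !== 'string' || !groupRef) {
    return { granted: false, reason: 'invalid-group' };
  }

  let allowed = false;
  try {
    // Assumption: resolves to a boolean. Anything other than `true` is a denial.
    allowed = (await authorization.canWriteApiOrganization(organizationId, callerId)) === true;
  } catch (err) {
    return { granted: false, reason: 'check-failed' }; // fail closed on lookup errors
  }
  if (!allowed) {
    return { granted: false, reason: 'caller-lacks-organization-write' };
  }

  await authorization.grantApiGroupRead(organizationId, type, groupRef, userId);
  return { granted: true, reason: null };
}
```

The same wrapper shape applies to the other grant and revoke methods; only the permission check in the middle changes.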